diff options
author | Todd Short <tshort@akamai.com> | 2021-08-09 16:56:50 -0400 |
---|---|---|
committer | Todd Short <todd.short@me.com> | 2022-10-18 09:30:22 -0400 |
commit | b67cb09f8ddf258cf326f3e7b20be095fb53457c (patch) | |
tree | b31a978e8c71e972e84fd03b4de92491deff032a /doc/man1/openssl-s_server.pod.in | |
parent | 59d21298df9176b64b41cc8583c7024f7f5895d4 (diff) |
Add support for compressed certificates (RFC8879)
* Compressed Certificate extension (server/client)
* Server certificates (send/receive)
* Client certificate (send/receive)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
Diffstat (limited to 'doc/man1/openssl-s_server.pod.in')
-rw-r--r-- | doc/man1/openssl-s_server.pod.in | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in index 8fa041c2fe..94f3b4b46c 100644 --- a/doc/man1/openssl-s_server.pod.in +++ b/doc/man1/openssl-s_server.pod.in @@ -92,6 +92,8 @@ B<openssl> B<s_server> [B<-naccept> I<+int>] [B<-read_buf> I<+int>] [B<-bugs>] +[B<-no_tx_cert_comp>] +[B<-no_rx_cert_comp>] [B<-no_comp>] [B<-comp>] [B<-no_ticket>] @@ -139,6 +141,7 @@ B<openssl> B<s_server> [B<-no_anti_replay>] [B<-num_tickets>] [B<-tfo>] +[B<-cert_comp>] {- $OpenSSL::safe::opt_name_synopsis -} {- $OpenSSL::safe::opt_version_synopsis -} {- $OpenSSL::safe::opt_v_synopsis -} @@ -604,6 +607,14 @@ further information). There are several known bugs in SSL and TLS implementations. Adding this option enables various workarounds. +=item B<-no_tx_cert_comp> + +Disables support for sending TLSv1.3 compressed certificates. + +=item B<-no_rx_cert_comp> + +Disables support for receiving TLSv1.3 compressed certificates. + =item B<-no_comp> Disable negotiation of TLS compression. @@ -820,6 +831,9 @@ data that was sent will be rejected. Enable acceptance of TCP Fast Open (RFC7413) connections. +=item B<-cert_comp> + +Pre-compresses certificates (RFC8879) that will be sent during the handshake. {- $OpenSSL::safe::opt_name_item -} @@ -947,7 +961,8 @@ The The B<-srpvfile>, B<-srpuserseed>, and B<-engine> option were deprecated in OpenSSL 3.0. -The -tfo option was added in OpenSSL 3.2. +The B<-tfo>, B<-no_tx_cert_comp>, and B<-no_rx_cert_comp> options were added +in OpenSSL 3.2. =head1 COPYRIGHT |